This October marks the 15th year of Cybersecurity Awareness Month. While we in the industry know that cybersecurity is a 365 day a year commitment, I’m happy to use October as the platform to remind small and medium sized businesses (SMBs) what they could and should be doing to keep their company, employees and customer data safe.
Take a page from the enterprise. When it comes to cybersecurity, the difference between an enterprise organization and an SMB is just size. SMBs have data – more than they think – and a lot of that data can make or break the business. From people to pricing to payment systems – the only difference is the volume.
- Enterprise organizations start with an audit. SMBs should start with knowing what information you have, where you’re keeping it and decide what you don’t want to share by accident.
- Enterprise organizations develop a strategy. SMBs should answer these questions:
- Who are you going to share information with?
- What information are you going to keep?
- Where are you going to store information?
- How are you going to keep valuable information safe?
- Who internally should have access to the information?
- Enterprise organizations use a combination of solutions to protect data, the network and the perimeter. SMBs should do the same while making sure to understand and implement protections mandated by law, like PCI DSS or HIPAA.
SMBs may think it’s not easy to act like an enterprise organization, but in reality it is. The IT team might be you, your HR team might be the same. More likely than not, accounting, legal and banking are outsourced. When thinking about your cybersecurity audit, strategy and solutions there’s help through the channel. We call it channel, you may know it as resellers and partners. Reputable resellers with an ecosystem of technology organizations can advise, provide and help you implement the best solutions for your business. Don’t think you can’t afford a topnotch solution – they’re priced at scale and resellers have access to solutions used to secure the most critical information on the planet.
It’s not over yet. Make sure your business – every employee and vendor that touches it practices good security hygiene. Take the time to remind anyone doing business with you to:
- Encrypt sensitive data – keep it protected as it travels to its final destination.
- Be laser focused when opening emails and attachments. Simple tricks to make sure you know the sender and that the attachment is expected can protect all of your systems.
- Don’t download anything without confirming it’s an update or upgrade you’re expecting.
If I can provide any advice, it’s take this October to give your company’s cybersecurity strategy a good look.